Access secured storage account using Azure Synapse workspace using SAS token
Hi Team,
We are trying to establish a connectivity between Azure Synapse workspace and Storage account using private endpoint.
We have the following steps in place:
- An Azure Synapse workspace is created with Managed Virtual Network
- Azure Storage account has Networking configuration such that it allows traffic from specified networks and resource instances.
- A managed private endpoint for Azure Synapse workspace is approved in Azure Storage Account.
We are now trying to create a Synapse view using SAS token, but running in to issues which reads
Content of directory on path '/folder/sub1=/sub2=/sub3=*/**' cannot be listed.
P.S: If Storage Blob Data Contributor Role for Synapse Workspace associated with the Storage Account and if we use managed identity instead of SAS , then the query runs fine.
We would like to run Azure Synapse queries using SAS token and no Contributor role assigned..Is it possible?
Is it possible to auto approve the managed private endpoint?
References:
https://learn.microsoft.com/en-us/azure/synapse-analytics/sql/develop-storage-files-storage-access-control?tabs=shared-access-signature#tabpanel_1_shared-access-signature
https://learn.microsoft.com/en-us/azure/synapse-analytics/security/connect-to-a-secure-storage-account